Inline Cloud Analysis Enablement
Learn about how to enable Inline Cloud Analysis in Strata Cloud Manager.
Where Can I Use This?
What Do I Need?
  • One of the following licenses:
    • Advanced security subscriptions
Inline Cloud Analysis is a cloud-based threat prevention capability that enhances your firewall's ability to detect and prevent zero-day threats in real time. It provides an additional layer of protection by querying Palo Alto Networks® cloud services during active traffic inspection when you have advanced security subscriptions such as Anti-Spyware or WildFire®. This real-time analysis identifies and blocks highly evasive threats, such as command-and-control (C2) communications, injection attacks, and unknown malware that signature-based detection might miss.
The Inline Cloud Analysis Enable modal simplifies enablement by providing a single interface to enable Inline Cloud Analysis across multiple Security profiles simultaneously. Instead of manually editing individual profiles, the modal lists all profiles where Inline Cloud Analysis is disabled. It categorizes these profiles by type and shows their names and locations (Shared, Folder, or Device Group). This consolidated approach reduces the effort required to enable these advanced security features.
Using this modal, you can enable Inline Cloud Analysis for the following Security profile types:
  • Anti-Spyware
  • Vulnerability Protection
  • WildFire and Antivirus
  • URL Access Management
Inline Cloud Analysis requires valid advanced security subscriptions. Firewalls without the necessary licenses accept the configuration but do not enforce cloud analysis. Older PAN-OS® versions that do not support Inline Cloud Analysis configuration elements ignore these settings without causing commit failures, ensuring backward compatibility across mixed-version deployments. Newer firewalls automatically gain Inline Cloud Analysis protection upon deployment or upgrade. Additionally, inline configuration analysis includes a check to verify if the Inline Cloud Analysis feature is enabled within a security profile.

Configure Inline Cloud Analysis

You can enable Inline Cloud Analysis from the following locations in Strata Cloud Manager:
  • Adoption Center — Within the Recommendations section.
  • Command Center — Within the Recommendations section.
  • Security Profile Pages — An in-app workflow is triggered when you access any of the following security profile pages:
    • Anti-Spyware
    • Vulnerability Protection
    • WildFire and Antivirus
    • URL Access Management
  • Modal Trigger — If 30 days or more have passed since you last viewed the enablement modal.
Review and Confirm the profiles for which Inline Cloud Analysis should be enabled.

Inline Cloud Analysis Security Posture Check

You can navigate to a Security profile to review its security posture check and enable Inline Cloud Analysis from there. Here is an example of enabling Inline Cloud Analysis in the Vulnerability Protection Profile:
  1. Select Configuration > NGFW and Prisma Access > Security Services > Vulnerability Protection Profile.
  2. Select an existing Vulnerability Protection security profile.
    You can see that the security posture check Enable Cloud Inline Analysis is failing because Inline Cloud Analysis is not enabled in this profile.
  3. Under Inline Cloud Analysis, Enable Inline Cloud Analysis.
  4. Specify an Action to take when a vulnerability exploit is detected using a corresponding analysis engine. There are currently two analysis engines available: SQL Injection and Command Injection.
    • Allow—The request is allowed and no log entry is generated.
    • Alert—The request is allowed and a Threat log entry is generated.
    • Reset-Client—Resets the client-side connection.
    • Reset-Server—Resets the server-side connection.
    • Reset-Both—Resets the connection on both the client and server ends.
  5. Save to exit the Vulnerability Protection Profile configuration dialog and Commit your changes.
    You can see that the security posture check for Inline Cloud Analysis has passed.